Search
Content type: Examples
On the second day of India's nationwide shutdown due to the COVID-19 outbreak, the Karnataka government published the home addresses of quarantined residents, as a deterrent to breaking the rules. The list included individuals who had flown in from a foreign country and been asked to stay indoors for two weeks but who had not tested positive for the novel coronavirus. Although the government deleted a tweet announcing its intention, the list is still available on its website and is circulating…
Content type: News & Analysis
This week International Health Day was marked amidst a global pandemic which has impacted every region in the world. And it gives us a chance to reflect on how tech companies, governments, and international agencies are responding to Covid-19 through the use of data and tech.
All of them have been announcing measures to help contain or respond to the spread of the virus; but too many allow for unprecedented levels of data exploitation with unclear benefits, and raising so many red flags…
Content type: Examples
The company that makes the Natural Cycles women’s fertility app has added n optional service to allow users to track Covid-19 symptoms as well as positive and negative tests. As part of its fertility service, the app already takes each user’s basal body temperature daily; enabling the additional functionality is intended to help understand the spread of the virus and its effects across the world.
Source: https://www.independent.co.uk/life-style/health-and-families/health-news/coronavirus-…
Content type: Examples
The World Health Organization will partner with major blockchain and technology companies to launch a distributed ledger-based platform to be dubbed "MiPasa" that it says will facilitate "fully private information sharing between individuals, state authorities, and health institutions" by cross-referencing siloed location and health data to create global insights. The WHO believes the system can ensure patient privacy. MiPasa also expects to host an array of publicly accessible analytics tools…
Content type: Examples
The UK's National Health Service is collaborating with Palantir to launch a data platform that will track the movement of critical staff and materials; it will, for the first time, give ministers a dashboard showing the first-ever comprehensive view of the entire health care system. The data Palantir gathers into a data store from across the health sector will not include individual patient data; instead, it will include A&E capacity, calls to the NHS 111 hotline, and the number and…
Content type: Examples
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user is diagnosed with the virus, its location data can be user to trace all the phones that have been in close contact with the person. Authorities will use this data to send an SMS only to those phones…
Content type: Examples
On March 20, the Peruvian government introduced a website where citizens can retrieve the results of tests for COVID-19. The site asks only for the patient to fill in their National ID number and a simple captcha, making it easy for unauthorised parties to access others' results and put people at risk of exploitation and discrimination.
Source: https://saludconlupa.com/noticias/peru-debilidades-de-plataforma-del-ministerio-de-salud-pueden-exponer-informacion-clinica-de-pacientes-covid-19…
Content type: Examples
The new Singaporean app, TraceTogether, developed by the Government Technology Agency in collaboration with the Ministry of Health was launched on March 20 after eight weeks of development. The app, which can be downloaded by anyone with a Singapore mobile number and a Bluetooth-enabled smartphone, asks users to turn on Bluetooth and location services, and enable push notifications. The app works by exchanging short-distance Bluetooth signals between phones to detect other users within two…
Content type: Examples
The self-testing web app issued by Argentina's Secretariat of Public Innovation asks for national ID number, email and phone as mandatory fields in order to submit the test. The Android version requires numerous permissions: calendar, contacts, geolocation data (both network-based and GPS), microphone, camera, full network access; change audio settings, run at startup; draw over other apps, prevent device from sleeping.
Sources:
https://www.argentina.gob.ar/coronavirus/app
https://play.…
Content type: Examples
At the MIT Media lab, Ramesh Raskar is leading a team that includes software engineers at companies such as Facebook and Uber to develop the free and open source app Private Kit: Safe Paths. The app is intended to share encrypted information between phones in the network without going through a central authority so that individuals can see if they've come in contact with someone carrying the coronavirus. Anyone who tests positive can choose to share location data with health officials, who can…
Content type: Examples
Kinsa Health, which has sold or given away more than 1 million internet-connected thermometers to household covering 2 million people, finds that the maps it creates showing the difference between expected (based on years of data the company has collected) and reported levels of fever may act as an early warning system for spreading illness. Abut 90% of COVID-19 patients have fever. The company has posted its data and maps to medRxiv, and also to a new website it has built.
Source: https…
Content type: Examples
Because tracking and limiting the movement of those suspected to be carrying COVID-19 carriers has been a factor in flattening the exponential curve of cases in places like Singapore, Taiwan, and South Korea, Professor Marylouise McLaws, a technical advisor to the WHO's Infection Prevention and Control Global Unit and a professor at the University of New South Wales, believes that we should use travellers' smartphones to electronically monitor their compliance with self-isolation orders.…
Content type: Examples
The Thai Tech Startup Association, Department of Disease Control (Ministry of Public Health), Digital Economy Promotion Agency (Ministry of Digital Economy and Society), and National Innovation Agency have developed a questionnaire on an app which as adverised on the Thai Tech Startup Associaiton the questionnaire is designed for people to self-assess if they are in high risk or not. Developed by the Department of Diseases the questionnaire asks a variety of questions related to symptoms…
Content type: Examples
Hakob Arshakyan, Armenia's minister of the high technology industry, has convened a research group comprising experts in IT and AI has been convened to collect and analyse data on the spread of coronavirus, compare it with the data collected by international partners, and develop forecasts. The minister believes that the research group's work will help provide accurate and reliable information that will help coordinate and manage containment efforts. As of March 19, Armenia had confirmed 122…
Content type: Long Read
This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India here.
In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices…
Content type: Report
The changes discussed in this article are based on a second analysis performed in late November, 3 months after the original study Your Mental Health is for Sale and following the exact same methodology. All data collected can be found at the bottom of this page.
Change is possible
Back in September 2019 we published the report Your Mental Health is for Sale exposing how a majority of the top websites related to mental health in France, Germany and the UK share data for advertising purposes.…
Content type: Case Study
In the Xingjiang region of Western China, surveillance is being used to facilitate the government’s persecution of 8.6million Uighur Muslims.
Nurjamal Atawula, a Uighur woman, described how, in early 2016, police began regularly searching her home and calling her husband into the police station, as a result of his WeChat activity.
WeChat is a Chinese multi-purpose messaging, social media and mobile payment app. As of 2013, it was being used by around 1million Uighurs, but in 2014 WeChat was…
Content type: Long Read
Following a series of FOI requests from Privacy International and other organisations, the Department of Health and Social Care has now released its contract with Amazon, regarding the use of NHS content by Alexa, Amazon’s virtual assistant. The content of the contract is to a big extent redacted, and we contest the Department of Health’s take on the notion of public interest.
Remember when in July this year the UK government announced a partnership with Amazon so that people would now…
Content type: News & Analysis
Photo by Ray Witlin / World Bank CC BY-NC-ND 2.0
This article has been written by Ambika Tandon, Policy Officer at the Centre for Internet and Society, in collaboration with Privacy International.
On October 17th 2019, the UN Special Rapporteur (UNSR) on Extreme Poverty and Human Rights, Philip Alston, released his thematic report on digital technology, social protection and human rights. Understanding the impact of technology on the provision of social protection – and, by extent, its…
Content type: Long Read
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
This article is part of a research led by Privacy International on mental health websites and tracking. Read our…
Content type: Report
The full report of Privacy International's study on how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
Content type: Long Read
Photo by David Werbrouck on Unsplash
This is an ongoing series about the ways in which those searching for abortion information and procedures are being traced and tracked online. This work is part of a broader programme of work aimed at safeguarding the dignity of people by challenging current power dynamics, and redefining our relationship with governments, companies, and within our own communities. As an enabling right, privacy plays an important role in supporting the exercise of…
Content type: Examples
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate Nordic AB. After the breach was discovered, MedHelp, which runs the 1177 service, shut the server down and found that 55 call files had been illegally downloaded from seven different IP addresses. Nine…
Content type: Examples
In January 2019, it was discovered that the HIV-positive status of 14,200 people in Singapore, as well as their identification numbers and contact details, had been leaked online. According to a statement of the Ministry of Health, records leaked include 5,400 Singaporeans diagnosed as HIV-positive before January 2013, and 8,800 foreigners diagnosed before December 2011. Patient names, identification numbers, phone numbers, addresses, HIV test results and medical information was included in the…
Content type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
It is often communities who are already the most marginalised who are at risk because of the privacy invasions of data-intensive systems. Across the globe, we see the dangers of identity systems; the harms of online violence against women and the…
Content type: Examples
In 2012, London Royal Free, Barnet, and Chase Farm hospitals agreed to provide Google's DeepMind subsidiary with access to an estimated 1.6 million NHS patient records, including full names and medical histories. The company claimed the information, which would remain encrypted so that employees could not identify individual patients, would be used to develop a system for flagging patients at risk of acute kidney injuries, a major reason why people need emergency care. Privacy campaigners…
Content type: Examples
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content type: Examples
Connecticut police have used the data collected by a murder victim's Fitbit to question her husband's alibi. Richard Dabate, accused of killing his wife in 2015, claimed a masked assailant came into the couple's home and used pressure points to subdue him before shooting his wife, Connie. However, her Fitbit's data acts as a "digital footprint", showing she continued to move around for more than an hour after the shooting took place. A 2015 report from the National Institute of…
Content type: News & Analysis
It is a long-standing privacy principle that an individual should have access to their personal information. This is particularly necessary in healthcare - after all there is nothing more personal than health information.
As the mass digitisation of health records increases, many issues arise about this access right. The right of 'subject access' comes with its own complexities. One challenge is that individuals can sometimes be compelled to conduct subject access requests in…
Content type: News & Analysis
We very much welcome today's announcement by Health Secretary Jeremy Hunt that people will be allowed to opt out of having their medical records shared in the NHS England centralised information bank.
The move is an important one for data privacy and patient choice, and has been a key objective of Privacy International in our collaboration with the new medConfidential (which launched yesterday). A month ago, NHS England (and the Director of…